Recent Uptick in Social Engineering Attacks via Phishing, Smishing & Vishing

There has been a noted general uptick in social engineering attacks, which are designed to manipulate individuals into taking an action, such as divulging confidential or sensitive information. These attacks commonly take the form of phishing (attacks via email), smishing (attacks via text message) and vishing (attacks via phone). Common tactics include crafting messages that appear to be from trusted entities or people, which contain familiar logos/branding and use expected language. These messages often convey a sense of urgency and seek immediate action of some kind from recipients.

For example, recent vishing scams include callers purporting to be from the IRS, FTC, U.S. Department of Treasury or other government entities. In the FTC scam, callers seek remote access to your computer on the pretext that they are providing benefits in connection with the FTC’s Advanced Tech Support refund program. Scammers even told people to call if they had questions, but the phone number they supplied was not legitimate. This scam is also known as a tech support scam, in which scammers seek to install malware on your device or sell you worthless software as a pretext for obtaining your payment information. Scammers may even direct you to a website with fake customer testimonials.

Please be reminded of the following best practices when evaluating the communications you receive:

  • Never open attachments or click embedded links in unsolicited/unexpected messages, including email, text messages or social media messages.
  • If in doubt about the legitimacy of a communication, contact the sender independently via a trusted phone number to confirm. Remember that scammers can spoof email addresses and phone numbers, so the sender’s contact information may appear legitimate when it is not.
  • Never provide personal or payment information in response to unsolicited/unverified communications of any kind.
  • Never provide remote access to your device to an unsolicited/unverified party.
  • Limit what you share about yourself and others online, as scammers use social media to gather information to use in targeted attacks.

Resources:

Social Engineering Attacks and How You Can Protect Yourself, https://wp.nyu.edu/connect/2015/03/13/social-engineering/

Phishing, Spear Phishing and Whaling, https://wp.nyu.edu/connect/2017/03/01/phishing-and-whaling/

Learn to Spot a Phony: Detecting and Avoiding Phone Scams, https://wp.nyu.edu/connect/2017/09/19/learn-to-spot-a-phony/

Safe Social Networking,
